Got Microsoft? Time to Patch Your Windows

Microsoft churned out a bunch of software updates today fix some serious security problems with Windows and other Microsoft products like Internet Explorer (IE), Edge and Office. If you use Microsoft, here are some details about what needs fixing.

As usual, patches for IE and for Edge address the largest number of “critical” vulnerabilities. Critical bugs refer to flaws Microsoft deems serious enough that crooks can exploit them to remotely compromise a vulnerable computer without any help from the user, save for the user visiting some hacked but otherwise legitimate site.

Another bundle of critical bugs targets at least three issues with the way Windows, Office and Skype handle certain types of fonts. Microsoft said attackers could exploit this flaw to take over computers just by getting the victim to view files with specially crafted fonts — either in an Office file like Word or Excel (including via the preview pane), or visiting a hacked/malicious Web site.

Microsoft Office got its own critical patch that fixed at least seven vulnerabilities — including another one exploitable through the preview pane. Microsoft PDF also received a critical patch thanks to a bug that’s exploitable just by getting Edge users to view specially-crafted PDF content in the browser.

For the record, Adobe says it has no plans to issue a Flash Player update today (as per usual) or anytime this month. As always, if you experience any issues downloading or installing any of the Microsoft updates from this month, please don’t hesitate to leave a comment below.

For more information on these and other Microsoft security updates released today, check out the blogs at security vendors Qualys and Shavlik.